Upgrade urgency SECURITY: See security fixes below.
Security fixes
(CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to bypass desired Unix
socket permissions on startup.
Bug fixes
WAITAOF could timeout in the absence of write traffic in case a new AOF is
created and an AOF rewrite can’t immediately start (#12620)
Redis cluster
Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2
nodes (#12604)
Fix the return type of the slot number in cluster shards to integer, which
makes it consistent with past behavior (#12561)
Fix CLUSTER commands called from modules or scripts so they return TLS info
appropriately (#12569)
Changes in CLI tools
redis-cli, fix crash on reconnect when in SUBSCRIBE mode (#12571)
Module API changes
Fix overflow calculation for next timer event (#12474)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of F5 BIG-IP OS. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-41373.
It was discovered that FRR did not properly check the attribute length
in NLRI. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2023-41358)
It was discovered that FRR did not properly manage memory when reading the
initial bytes of an ORF header. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2023-41360)
It was discovered that FRR did not properly validate the attributes in the
BGP FlowSpec functionality. A remote attacker could possibly use this issue
to cause a denial of service. (CVE-2023-41909)